Attacker Decrypts Computers Infected with Locker #Ransomware

Posted: June 3, 2015 in Tech

digital locksComputers infected by the Locker crypto-ransomware were decrypted yesterday as promised by the malware’s author, who last week posted the decryption keys to an upload site and apologized for releasing the malware.

Lawrence Abrams of Bleeping Computer said the infected computers were decrypted for free. A post to Bleeping Computer said that the author’s decryption command only works on computers that are still infected. Any machines that have removed the malware can use a tool posted to the site over the weekend to decrypt their files.

A database containing the Bitcoin address where payments were to be made along with public and private keys, was uploaded over the weekend to mega.co.nz in a CSV file, a post to Pastebin from the alleged author says. Details on the structure of the encrypted files were also provided.

“This is a dump of the complete database and most of the keys weren’t even used,” the post says. “All distribution of new keys has been stopped.”

The post also promised that automatic decryption of any infected computers was to begin at midnight yesterday.

Full Story @ [ThreatPost]

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s